1. A method for linking of a first characteristic of a first device (PP1, PP2)
and a second characteristic of a second device (NP1, NP2) by a
server (S1, AS2), the method comprising the steps of:

- selecting (75) a first linking information and a second linking
information, the first linking information matching to the second
linking information,

- sending (100, 150) from the server (S1, AS2) the first linking
information to the first device (PP1, PP2) and the second linking
information to the second device (NP1, NP2),

- presenting (200, 250) by the first device (PP1, PP2) the first linking
information and by the second device (NP1, NP2) the second
linking information,

- entering (300) into the first device (PP1, PP2) an indication of the
matching of the first linking information and the second linking
information,

- based on the entered indication of the matching, sending (400) to
the server (S1, AS2) a matching confirmation for confirming the
matching to the server (S1, AS2),

- associating (450) the first characteristic and the second
characteristic based on the received matching confirmation.



2. The method according to claim 1, wherein the first device (PP1, PP2)
is a trusted device and the first characteristic relates to an access
legitimization legitimating the trusted device for accessing a first
institution.

3. The method according to claim 2, wherein the second characteristic
comprises an identifier identifying the second device (NP1, NP2) and
access to a second institution is granted to or via the second device
(NP1, NP2) based on the associating (450) of the first characteristic
relating to the access legitimization and the second characteristic
comprising the identifier, the second institution being identical to or
different from the first institution.



4. The method according to any of the preceding claims, wherein a
request for authentication triggers the linking.

5. The method according to any of the preceding claims, wherein the
first linking information and the second linking information comprise
one or more randomly generated symbols.

6. The method according to any of the preceding claims, wherein the 
first linking information is identical to the second linking information. 

7. The method according to any of the preceding claims, wherein the
associating (450) is based on a verification for correctness of
confirmation data entered into the first device (PP1, PP2).

8. The method according to claim 7, wherein the entered confirmation
data comprises at least one of

(a) a Personal Identification Number,

(b) a password,

(c) an indication for additional information being presented in
parallel to the first linking information or second linking
information, the additional information being
distinguishable from the first linking information and the
second linking information, and

(d) data being computed on the base of the first linking
information and/or the second linking information.



9. A server (S1, AS2) usable for linking of a first characteristic of a first
device (PP1, PP2) and a second characteristic of a second device
(NP1, NP2), the server (S1, AS2) comprising a receiving unit for
receiving messages, a transmitting unit for sending messages, and a
processing unit for processing messages and information, wherein
the processing unit is adapted to select a first linking information and
a second linking information, the first linking information matching to
the second linking information, the transmission unit is adapted to
send the first linking information to the first device (PP1, PP2) and the
second linking information to the second device (NP1, NP2), the
receiving unit is adapted to receive a matching confirmation from the
first device (PP1, PP2), the matching confirmation confirming to the
processing unit the matching of the first linking information presented
by the first device (PP1, PP2) and the second linking information
presented by the second device (NP1, NP2), and the processing unit
is adapted to execute an associating (450) of the first characteristic
and the second characteristic based on the received matching
confirmation.

10. The server (S1, AS2) according to claim 9, wherein the first device
(PP1, PP2) is a trusted device and the first characteristic relates to an
access legitimization legitimating the trusted device for accessing a
first institution.

11. The server (S1, AS2) according to claim 10, wherein the second
characteristic comprises an identifier identifying the second device
and, based on the associating (450) of the first characteristic relating
to the access legitimization and the second characteristic comprising
the identifier, the processing unit is adapted to generate an access
assertion for granting to or via the second device (NP1, NP2) access
to a second institution being identical or different from the first
institution, and the transmission unit is adapted to send the access
assertion to the second device (NP1, NP2) or the second institution or
to an entity supporting the second device (NP1, NP2) or the second
institution for granting access.

12. The server (S1, AS2) according to any of the claims 9 to 11, wherein
the receiving unit is adapted to receive a request for authentication
triggering the processing unit to execute the linking.

13. The server (S1, AS2) according to any of the claims 9 to 12, wherein
the processing unit is adapted to select the first linking information
and the second linking information to comprise one or more randomly
generated symbols.

14. The server (S1, AS2) according to any of the claims 9 to 13, wherein
the processing unit is adapted to select the first linking information
being identical to the second linking information.

15. The server (S1, AS2) according to any of the claims 9 to 14, wherein
the processing unit is adapted to execute the associating (450) of the
first characteristic and the second characteristic based on a
verification for correctness of confirmation data entered into the first
device (PP1, PP2).

16. A computer program usable for linking of a first characteristic of a first
device (PP1, PP2) and a second characteristic of a second device
(NP1, NP2), the computer program being loadable into a processing
unit of a server (S1, AS2), wherein the computer program comprises
code adapted to select a first linking information and a second linking
information, the first linking information matching to the second linking
information, to initialize a sending of the first linking information to the
first device (PP1, PP2) and a sending of the second linking information
to the second device (NP1, NP2), and to execute an associating (450)
of the first characteristic and the second characteristic based on a
matching confirmation received from the first device (PP1, PP2), the
matching confirmation confirming to the computer program the
matching of the first linking information presented by the first device
(PP1, PP2) and the second linking information presented by the
second device (NP1, NP2).
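
The server-side steps of claims 1 and 5 to 7 (select, send, receive confirmation, verify, associate), as an added Python sketch that is not part of the patent text. The class and method names, the six-digit code, the single-use session and the in-memory PIN store are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class LinkingServer:
    """Illustrative stand-in for the server (S1, AS2); names are hypothetical."""
    pins: dict                                    # first-device id -> PIN (claim 8(a))
    pending: dict = field(default_factory=dict)   # session id -> (first, second, code)
    links: dict = field(default_factory=dict)     # second characteristic -> first

    def start_linking(self, first_dev, second_dev):
        # Step 75: select linking information made of randomly generated
        # symbols (claim 5), identical for both devices (claim 6).
        code = "".join(secrets.choice("0123456789") for _ in range(6))
        session = secrets.token_hex(8)
        self.pending[session] = (first_dev, second_dev, code)
        # Steps 100/150: what is sent to each device for presentation (200/250).
        return session, {first_dev: code, second_dev: code}

    def confirm(self, session, sender, match, pin):
        # Step 400: a matching confirmation arrives. Assumption: a session is
        # consumed by the first confirmation attempt, successful or not.
        entry = self.pending.pop(session, None)
        if entry is None:
            return False
        first_dev, second_dev, _code = entry
        # The confirmation must come from the first device and indicate a match.
        if sender != first_dev or not match:
            return False
        # Claim 7: verify the confirmation data entered into the first device.
        expected = self.pins.get(first_dev)
        if expected is None or not hmac.compare_digest(pin.encode(), expected.encode()):
            return False
        # Step 450: associate the first and the second characteristic.
        self.links[second_dev] = first_dev
        return True
```

The sketch keys the association on the second device's identifier, following claim 3, and refuses any confirmation that does not originate from the first device.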



